PKI for DGS - PowerPoint PPT Presentation

1 / 23

About This Presentation

Title:

PKI for DGS

Description:

... In the world of credit cards, one needs a credit card as well as a merchant ... Online and Secure participation and access to Information. Improved transparency ... – PowerPoint PPT presentation

Number of Views:61

Avg rating:3.0/5.0

Slides: 24

Provided by: Binal2

Category:

more less

Transcript and Presenter's Notes

Title: PKI for DGS

1
PKI for DGSD e-Procurement
2
Expanding E-Business
Customers
Business Partners, Banks, Agents, Govt. etc
Public Internet
Employees
Extranet
Intranet
3

Result?
Growing Need and Acceptance of E-Commerce
And what are the various E-Commerce Initiatives?
e-Tendering
e-Procurement
Net Banking
Online Ticketing
Online Stock Trading / Broking
And Does Business Continue to Happen The Way It
Did?
No

4
Challenges in Electronic business

Enable Trust Security
Authentication How do you verify the identity
of the users ?
Confidentiality How do you ensure that the
information sent is read only by intended users
and nobody else?
Integrity How do you prevent tampering of
information ?
Non Repudiation How do you prove the origin of
the information ?

5
Challenges in Electronic businessContd.

Meeting Statutory Requirements
Paper work still required for meeting authorized
signatures
Meeting Financial Audit Requirements
Operational
Scope for Repudiation of electronic
communications/ transactions
Generation courier costs associated with
Physical document exchange
Time required for Physical document exchange

Is E-Procurement An Exception?
..No!
How Do We Address the Challenges that
E-Procurement Faces Today?

7
How can we secure e-Procurement?

The security features incorporated in an
e-Procurement Application ensures that all
activities are logged, no unauthorized person has
access to data, all sensitive data is encrypted
and system can be restored in a minimal possible
time in case of a disaster or system crash, with
the help of
Audit Trail
Data Encryption
Secure User and Administrator access
Process Validation
SSL Certificate (128 bit Encryption)

And what is the Technology Behind This Security?
Public Key Infrastructure (PKI)
OR
Public Key Cryptography
Lets have a Look at the Basic Concepts of PKI

9
Public Key Cryptography

Each user is issued a related pair of keys
Public (published for all to see)
Private (kept secret)
What one key encrypts, only
the other key can decrypt !!

10
Encryption
Ciphertext

A sends confidential data to B, knowing that only
B can decrypt what is sent
A encrypts with Bs public key (openly available)
B decrypts with his own private key (kept secret)

11
Objective Achieved..

Confidentiality no third party can see the data
enroute
Whats to be achieved?
Authentication - B cannot be sure that it was A
who sent the message
Integrity - no third party can alter the data
Non-Repudiation B can change what data was
sent. So no proof that what A sent is indeed what
B received

12
Digital Signature
Ciphertext

A encrypts with As private key (available only
with A)
B decrypts with As public key (available
publicly)
B cant alter data sent by A!!!

13
Objective Achieved..

Authentication
B knows for sure this has come from A
Integrity
Data Sent by A cannot be altered, enroute or
anytime later, though it can be viewed
Non-repudiation
A cannot disclaim data signed at a later date.

14
Therefore..

Encryption Digital Signature
Authentication
Confidentiality
Integrity
Non-Repudiation

15
Key Components of a PKI

A Digital Certificate
An application that accepts the certificate
An analogy In the world of credit cards, one
needs a credit card as well as a merchant that
accepts the credit card!

16
In other words

.. There are two key processes to reap the
benefits of PKI
The process of issuance and management of the
Digital Certificate the CA aspect of PKI
The process of acceptance of the certificate to
build trust and security into an e-Commerce
application the Application Integration aspect
of PKI

17
The CA aspect involves

Designing Certificate policies to ensure a
trustworthy PKI implementation
Lifecycle management of Digital Certificates
Issuance
Revocation
Renewal
Validation Designing and operating processes to
ensure that
the entity requesting the cert is indeed who he
or she claims to be
The entity meets the minimum qualification
criteria laid down by the accepting or
relying party
End User Management Ensuring that the end user
remains transparent to the technical complexities
and is able to use the technology in a simple and
effective manner

18
Legal Sanctity DC issued by SafeScrypt

SafeScrypt is the First Licensed CA in India
The Indian IT Act 2000, gives legal validity to
all Digital Signatures created with Certificates
issued by SafeScrypt
A Digital Signature created with a SafeScrypt
Digital Certificate enjoys the same privileges as
a physical signature in a paper-based transaction
and will be upheld in a court of law in the event
of a dispute.

19
Benefits of Digital Certificates andDigital
Signature

Uniquely authenticates Users
Therefore, can be used in place of all
conventional User ID / Password based
authentication systems
Legal Recognition of transactions signed using
Digital certificates (IT Act 2000)
Therefore, can be used in any application that
requires
Signing of invoices, policies, forms, POs,
agreements, etc.
Security and integrity based on Encryption and
Digital Signatures
Therefore, can be used for all kinds of secure
transactions, supply chain applications,etc.

20
Benefits of E-Procurement

Online and Secure participation and access to
Information
Improved transparency
Reduced procurement cycle time
Better cost efficiency through reduced cost of
logistics during tender participation
Introduction of state of art technology in area
of webbased Business Process Model (B. P.M.)
Integration of procurement process through single
website for entire community
Integrated M. I. S on materials management

21
What SafeScrypt brings to the table?